PyCA cryptography 38.0.0 has been released to PyPI. cryptography
includes both high level recipes and low level interfaces to common
cryptographic algorithms such as symmetric ciphers, asymmetric
algorithms, message digests, X509, key derivation functions, and much
more. We support Python 3.6+, and PyPy3.

Changelog (
* Final deprecation of OpenSSL 1.1.0. The next release of cryptography
will drop support.
* We no longer ship manylinux2010 wheels. Users should upgrade to the
latest pip to ensure this doesn’t cause issues downloading wheels on
their platform. We now ship manylinux_2_28 wheels for users on new
enough platforms.
* Updated the minimum supported Rust version (MSRV) to 1.48.0, from
1.41.0. Users with the latest pip will typically get a wheel and not
need Rust installed, but check Installation for documentation on
installing a newer rustc if required.
decrypt() and related methods now accept both str and bytes tokens.
* Parsing CertificateSigningRequest restores the behavior of enforcing
that the Extension critical field must be correctly encoded DER. See
the issue for complete details.
* Added two new OpenSSL functions to the bindings to support an
upcoming pyOpenSSL release.
* When parsing CertificateRevocationList and CertificateSigningRequest
values, it is now enforced that the version value in the input must be
valid according to the rules of RFC 2986 and RFC 5280.
* Using MD5 or SHA1 in CertificateBuilder and other X.509 builders is
deprecated and support will be removed in the next version.
* Added additional APIs to SignedCertificateTimestamp, including
signature_hash_algorithm, signature_algorithm, signature, and
* Added tbs_precertificate_bytes, allowing users to access the
to-be-signed pre-certificate data needed for signed certificate
timestamp verification.
* KBKDFHMAC and KBKDFCMAC now support MiddleFixed counter location.
* Fixed RFC 4514 name parsing to reverse the order of the RDNs
according to the section 2.1 of the RFC, affecting method
* It is now possible to customize some aspects of encryption when
serializing private keys, using encryption_builder().
* Removed several legacy symbols from our OpenSSL bindings. Users of
pyOpenSSL versions older than 22.0 will need to upgrade.
* Added AES128 and AES256 classes. These classes do not replace AES
(which allows all AES key lengths), but are intended for applications
where developers want to be explicit about key length.

-Paul Kehrer (reaperhulk)
Python-announce-list mailing list --
To unsubscribe send an email to
Member address:

Reply via email to